Hi Eddie Caraballo,
We understand that you're looking to add a new service tag to your network security rules in Azure.
Kindly check the steps below:
1. Create or Edit a Security Admin Configuration and select your Network Manager instance.
   Under Settings, click Configurations and choose to either create a new security admin configuration or edit an existing one.
2. Add a Rule Collection: in the configuration, go to the Rule collections tab and click Add to create a new rule collection.
   Provide:
   - A name
   - Target network groups (where the rule will apply)
3. Add a Security Admin Rule with a Service Tag: inside the rule collection, click Add a rule.
   Fill in the following:
   - Name and Description
   - Priority (lower numbers = higher priority)
   - Action: Allow, Deny, or Always Allow
   - Direction: Inbound or Outbound
   - Protocol: TCP, UDP, or Any
   - Source Type: Choose Service Tag, then select the service tag (e.g., AzureCloud, Storage, or your newly onboarded tag)
   - Destination Type: Choose Network Group or IP/CIDR as needed
   - Ports: Specify source and destination ports
Service tags represent groups of IP address prefixes managed by Microsoft. They simplify rule creation by abstracting IP ranges.
For more information, please check this document: https://learn.microsoft.com/en-us/azure/virtual-network-manager/how-to-create-security-admin-rule-network-group
I hope this helps! If this answers your query, please click "Upvote", which might be beneficial to other community members reading this thread.
If the above is unclear or you are unsure about something, please add a comment below.
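
The portal steps in the answer above, expressed as a Bicep template. This is an added example, not part of the original answer; the resource names, API version, priority, ports and CIDR are assumptions, and the network manager and network group are assumed to exist already.

```bicep
// Added example. All names and values below are placeholders for illustration.
param networkManagerName string = 'example-network-manager'
param networkGroupName string = 'example-network-group'

resource networkManager 'Microsoft.Network/networkManagers@2023-09-01' existing = {
  name: networkManagerName
}

resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2023-09-01' existing = {
  parent: networkManager
  name: networkGroupName
}

// Step 1: the security admin configuration on the Network Manager instance.
resource securityConfig 'Microsoft.Network/networkManagers/securityAdminConfigurations@2023-09-01' = {
  parent: networkManager
  name: 'example-security-admin-config'
  properties: {}
}

// Step 2: a rule collection with a name and its target network groups.
resource ruleCollection 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2023-09-01' = {
  parent: securityConfig
  name: 'example-rule-collection'
  properties: {
    appliesToGroups: [{ networkGroupId: networkGroup.id }]
  }
}

// Step 3: a security admin rule whose source is a service tag.
resource rule 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2023-09-01' = {
  parent: ruleCollection
  name: 'example-service-tag-rule'
  kind: 'Custom'
  properties: {
    priority: 100 // lower numbers = higher priority
    access: 'Deny' // 'Allow', 'Deny' or 'AlwaysAllow'
    direction: 'Inbound'
    protocol: 'Tcp'
    sources: [{ addressPrefixType: 'ServiceTag', addressPrefix: 'AzureCloud' }]
    destinations: [{ addressPrefixType: 'IPPrefix', addressPrefix: '10.0.0.0/24' }]
    sourcePortRanges: ['0-65535']
    destinationPortRanges: ['22']
  }
}
```

As with a configuration created in the portal, the rule applies only once the security admin configuration is deployed to the target regions.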